vjw0rm | c409b163881ea5ee746756d65f515f7a5dca8b622e6d1e557ef963acb6849000 | Triage

Sharing

General

Target

zpgygxtRex.js
Size

30KB
Sample

220620-lpbx7scadq
MD5

7c2e7e5a48421b27561a23936f1d9fee
SHA1

739fde5b0ad4d2f651a16e2458bf3e64bfa748b0
SHA256

c409b163881ea5ee746756d65f515f7a5dca8b622e6d1e557ef963acb6849000
SHA512

149fe69bf7b778ca8e450c2b0d3c4b54a34023b908b8705a65d8da9d060b0e4e46346664f45e100969af3c21315f2bcd9f517ee99b94dfe5bf8134c9cf0dc323

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  zpgygxtRex.js
- Size
  
  30KB
- MD5
  
  7c2e7e5a48421b27561a23936f1d9fee
- SHA1
  
  739fde5b0ad4d2f651a16e2458bf3e64bfa748b0
- SHA256
  
  c409b163881ea5ee746756d65f515f7a5dca8b622e6d1e557ef963acb6849000
- SHA512
  
  149fe69bf7b778ca8e450c2b0d3c4b54a34023b908b8705a65d8da9d060b0e4e46346664f45e100969af3c21315f2bcd9f517ee99b94dfe5bf8134c9cf0dc323
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm